Mailinglist Archive: opensuse-commit (869 mails)

commit dante for openSUSE:Factory

here is the log from the commit of package dante for openSUSE:Factory
checked in at Wed Oct 20 18:15:45 CEST 2010.

--------
--- dante/dante.changes 2009-04-01 16:29:23.000000000 +0200
+++ /mounts/work_src_done/STABLE/dante/dante.changes 2010-10-20
12:56:21.000000000 +0200
@@ -1,0 +2,133 @@
+Wed Oct 20 12:44:04 CEST 2010 - ro@xxxxxxx
+
+- FIXME: could add upnp support if we had a miniupnp package from
+ http://miniupnp.free.fr
+
+- update to 1.2.2
+ o Fix PAM bug introduced in v1.2.0 that would leak resources when
+ using PAM. Also relax the code handling PAM concerning
+ unknown msg_styles.
+ o Set PAM_RUSER so that rhosts-based PAM authentication can work.
+ o Wrapper for calling getsockopt(2) with SO_ERROR added.
+
+- update to 1.2.1
+ o GSSAPI support is no longer disabled on heimdal versions older than
+ 0.8.0, which have no wrap/unwrap support for aes256-cts-hmac-sha1-96.
+ The following krb5.conf configuration might be needed to ensure that
+ AES-256 is not used:
+ default_etypes = arcfour-hmac-md5 des3-cbc-sha1 des-cbc-crc des-cbc-md5
+ default_etypes_des = des-cbc-crc des-cbc-md5
+ o Code for shutting down idle sockd processes put back and can be
+ enabled again, if desired. It is not recommended for busy servers
+ however as performance may be slightly degraded.
+ o Fix bug related to clients using MSG_PEEK and GSSAPI on Linux.
+ o Don't print warning if accept(2) fails when started with the -N<k> option.
+ When started with the -N option, it is expected that accept(2) will
+ fail in 1/k of the cases. Instead just log a debug message about it.
+ o The fflush() wrapper function did not handle a NULL argument.
+ o Fix libsocks upnpcleanup() linking problem when compiled without
+ libminiupnpc.
+ o Assert failure related to message passing on some 64-bit architectures
+ fixed.
+ o The capi/socks.h file was not correctly installed.
+ o Compilation fixes for OpenSuse 11.1.
+ o Compilation fix for config_parse.y compilation without YYDEBUG.
+
+- update to 1.2.0
+ o Improvements to client thread compatibility. The client
+ library should now be mostly threadsafe.
+ o Make support for the socks 5 version described in draft-5.05 be
+ configurable. Before this was always enabled, but it breaks clients
+ based on NEC socks code in some cases as they use the same bit to
+ mean something completely different.
+ A new option has been added to sockd.conf to enable it:
+ "compatibility: draft-5.05". Unless explicitly enabled, the Dante
+ server will not use the socks 5.05 draft specification.
+ o Don't leak username/passwords provided to us for local authentication
+ to upstream proxy server when server-chaining.
+ o Fixed a bug/oversight that imposed an artificial limit on the number
+ of sockd processes that could be created, even when the load required
+ more.
+ o Slight improvement of configuration parsing in an attempt to avoid
+ confusing non-qualified hostnames with NIC interfacenames.
+ o The default connect-timeout/negotiate-timeout has been reduced from
+ 120 seconds to 30 seconds. The "connecttimeout" name has also been
+ deprecated in favour of "timeout.negotiate".
+ o Separate iotimeouts can be set for udp and tcp clients. The "iotimeout"
+ object has also been deprecated in favour of "timeout.io".
+ o New configure option: "--disable-drt-fallback".
+ Used to disable the attempted automatic fallback to a direct route
+ if there are no usable proxy routes. Default is, as before,
+ automatic fallback.
+ o Added a new option: "udp.connectdst". Controls whether the server
+ should connect udp sockets to the destination.
+ The default for this release is yes, which improves performance,
+ but _may_ be incompatible with some udp-based application protocols.
+ Please let us know if you experience problems with some applications
+ no longer working.
+ o support for GSSAPI encryption/authentication (RFC 1961) to both the socks
+ server and socks client.
+ o limit the range of udp-ports used between the socks-client
+ and the Dante server.
+ o By default, try to auto-add direct routes for all addresses on the LAN.
+ To disable it, set SOCKS_AUTOADD_LANROUTES to "no".
+ o Fix bug that caused problems with certain combinations of
+ bind(2)/accept(2)/close(2).
+ o Fix bug that erroneously blocked the bind request from some clients.
+ o Add support for environment variables SOCKS4_SERVER, SOCKS5_SERVER,
+ HTTP_PROXY, and UPNP_IGD.
+ If set, they specify the socks v4, socks v5 server, http proxy,
+ or UPNP-enabled ID to use, without the need for a socks.conf.
+ This should make it possible to run socksify with reasonable results
+ even without a socks.conf, as long as one of these new environment
+ variables are set correctly.
+ o Auto-add direct routes for all gateways. Should make the client
+ a little more user-friendly by not having to specify "direct" routes
+ for the proxyserver any longer.
+ o More finegrained marking of when to mark a proxy route as "bad" so that
+ it will not be used again by the same client.
+ Also add a new variable to config.h, MAX_ROUTE_FAILS, determining
+ how many times a route can fail before being blacklisted. Default
+ is one (same semantics as before there was a variable to control this).
+ o Fix bug that could prevent password authentication from working
+ on some systems.
+ o Add configure option --without-glibc-secure, which disables check for
+ the glibc variable __libc_enable_secure. Creates undesired dependencies
+ for packaging.
+ o New getifaddrs() compatibility function, taken from heimdal-1.2.1.
+ o Support for interfacenames in sockd rules, and in the destination
+ address for socks routes.
+ Should make it easier to set up direct routes for local lan in
+ the client (specify all local interfacenames in route statements),
+ and block connections to e.g. loopback addresses (specify the the
+ loopback interfacename in a block rule) in the server.
+ o UPnP support in the client, using the miniupnp library by
+ Thomas Bernard (http://miniupnp.free.fr/).
+ UPnP is a protocol implemented by many home/small-business routers
+ and adsl-modems. It allows you to dynamically open up ports on
+ the router for accepting incoming connections, as well as figuring
+ out what the external ipaddress of the router is.
+ Dante uses this to make socksify of ftp/bittorent/etc programs
+ work via the UPnP router.
+ Note that only the miniupnp library with releasedate 2009/09/21
+ or later is expected to work with Dante.
+ o Be less strict about bind in the client. The standards says
+ it is expected that the client first performs a connect via
+ the socks server, but it seems some/many socks servers support
+ the client requesting a bind without a previous connect, so we
+ assume that is the case in the client from now on.
+ o Changed the magic bytes that indicate the client is requesting
+ use of the Dante-specific bind extension from 0x00000000 to
+ 0xffffffff, as part of the process to become less strict about
+ the bind command requiring a previous connection.
+ o Don't zero password in client if we read it from environment, or
+ it will not work the next time the same clientprocess tries to
+ authenticate to the server.
+ o Add support for "group:" syntax to rules, similar to "user:" statement.
+ o Close connection to PAM server each time we get an error-reply from
+ it, fixing a bug.
+ o Incorrect assert fixed.
+ o Log close of client-rule with correct command.
+
+
+-------------------------------------------------------------------